20 matches found
EUVD-2022-34734
Malicious code in bioql PyPI...
CVE-2025-2498 Insufficient Granularity of Access Control in GitLab
An improper access control in GitLab EE affecting all versions from 12.0 prior to 18.0.6, 18.1 prior to 18.1.4, and 18.2 prior to 18.2.2 that under certain conditions could have allowed users to view assigned issues from restricted groups by bypassing IP restrictions...
Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates
Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 5.0.21 LTS, 12.0.4 LTS and 12.4.0 contain fixes to the listed CVEs found in the base images. This bulletin provides patch information to address the reported...
GO-2022-1253 usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos
usememos/memos has Insufficient Granularity of Access Control in github.com/usememos/memos...
Security Bulletin: IBM Storage Ceph is vulnerable to Insufficient Granularity of Access Control in Ceph (CVE-2023-43040)
Summary: Ceph RGW is used by IBM Storage Ceph in RGW as part of storage. CVE-2023-43040 This bulletin identifies the steps to take to address the vulnerability in Ceph. Vulnerability Details: CVEID: CVE-2023-43040 DESCRIPTION: IBM Spectrum Fusion HCI could allow an attacker to perform unauthorized...
Insufficient Granularity Of Access Control
lunary is vulnerable to an Insufficient Granularity of Access Control vulnerability. The vulnerability is due to improper validation of dataset ownership, allowing users to create, update, get, and delete prompt variations for datasets not owned by their organization, leading to unauthorized...
GHSA-3MWC-2CJ7-GX8C lunary-ai/lunary Access Control Vulnerability in Prompt Variation Management
Withdrawn: This advisory was incorrectly linked to the npm package lunary. The advisory is valid, but not for that package. In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete prompt variations for datase...
CVE-2023-32259
Insufficient Granularity of Access Control vulnerability in OpenText™ Service Management Automation X SMAX, OpenText™ Asset Management X AMX allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Service Management Automation X SMAX versions 2020.05, 2020.08,...
CVE-2023-32259 Potential Insufficient Access Control vulnerability has been identified in OpenText™ SMAX/AMX products.
Insufficient Granularity of Access Control vulnerability in OpenText™ Service Management Automation X SMAX, OpenText™ Asset Management X AMX allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Service Management Automation X SMAX versions 2020.05, 2020.08,...
RHEL 8 : Red Hat Virtualization Host 4.4.z SP 1 (RHSA-2023:5209)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:5209 advisory. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host,...
CVE-2023-3227 Insufficient Granularity of Access Control in fossbilling/fossbilling
Insufficient Granularity of Access Control in GitHub repository fossbilling/fossbilling prior to 0.5.0...
Improper Access Control
github.com/usememos/memos is vulnerable to improper access control. Insufficient granularity of access control due to insecure direct object references allows an attacker to delete the victim's archived memos...
GHSA-7QPW-2J9M-RW8C usememos/memos has Insufficient Granularity of Access Control
An Insufficient Granularity of Access Control in usememos/memos prior to 0.9.0 can allow an attacker to delete a memo from the archives...
CVE-2022-4801
Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1...
CVE-2022-4801 Insufficient Granularity of Access Control in usememos/memos
Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1...
CVE-2022-4813 Insufficient Granularity of Access Control in usememos/memos
Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1...
CVE-2022-4801
CVE-2022-4801 affects usememos/memos versions prior to 0.9.1 and is caused by Insufficient Granularity of Access Control (authorization flaw). The vulnerability can allow an attacker to archive any user’s post (public or private), as described across multiple sources (GHSA/OSV/Red Hat references)...
CVE-2022-4813
Vulnerability: usememos/memos prior to 0.9.1 has insufficient granularity of access control, enabling an IDOR on archived memos. Root cause: inadequate authorization checks on archive objects. Impact: attacker could delete archived memos (per multiple sources mentioning deletion via IDOR). Aff...
CVE-2022-36110 Netmaker vulnerable to Insufficient Granularity of Access Control
Netmaker makes networks with WireGuard. Prior to version 0.15.1, Improper Authorization functions lead to non-privileged users running privileged API calls. If someone adds users to the Netmaker platform who do not have admin privileges, they can use their auth tokens to run admin-level functions...
CVE-2021-31384
CVE-2021-31384 affects Juniper Networks Junos OS on SRX Series. The vulnerability stems from a Missing Authorization weakness and insufficient granularity of access control in a specific device configuration, allowing an attacker to reach J-Web administrative interfaces from any device interface,...